Risk Management January 23, 2023

Log4j Forever Changed What (Some) Cyber Pros Think About OSS

4 min read - In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath…

Government August 29, 2022

How Cybersecurity Policy Has Changed Since the SolarWinds Attack

3 min read - Major cyberattacks since 2019 jolted the U.S. government and software industry into action. The succeeding years have seen executive orders, new funding, two summits and a newfound resolve. Because of those attacks, the federal government aims to fix the open-source…

Incident Response January 7, 2022

5 Things New with Bug Bounty Programs

4 min read - On September 29, HackerOne announced the latest version of its Internet Bug Bounty (IBB) program. This initiative helped to coordinate the discovery of more than 1,000 security weaknesses in open-source software between 2013 and 2021. HackerOne’s latest version aims to…

Incident Response December 3, 2021

What the Internet Bug Bounty Teaches About Open-Source Software Security

4 min read - The security platform HackerOne recently announced the latest version of their Internet Bug Bounty (IBB) program. The IBB strives to enhance open-source software security by pooling resources and encouraging security experts (they call themselves hackers) to find flaws in open-source…

Intelligence & Analytics November 2, 2021

Using Open-Source Intelligence for Mergers and Acquisitions

3 min read - Mergers and acquisitions (M&A) have been challenging for IT and security teams for as long as businesses have relied on technology. Every company’s IT system is as unique as the company itself. Your business may run on commonly used tools…

Advanced Threats September 3, 2021

Fighting Cyber Threats With Open-Source Tools and Open Standards

7 min read - Detecting cyber threats is usually the first critical step in the mitigation of cyber attacks. Common means to achieve this goal are rules or analytics that track network and system behaviors and raise alerts when potentially malicious attacks are identified.…

Application Security May 25, 2021

Supply Chain Attacks: How To Reduce Open-Source Vulnerabilities

3 min read - When you read that software supply chain attacks increased 42% in the first quarter of 2021 over Q4 2020, you might think the cybersecurity problem was related to the traditional supply chain. Many people think of a supply chain as…

Risk Management July 24, 2020

Leveraging Open Source Can be Powerful for Cybersecurity

4 min read - Security vendors and end users have access to the same technology and resources, if not more, than the threat actor community. However, the area where cybersecurity falls short as an industry is teamwork. Vendors and end users rarely talk to…

CISO May 19, 2020

Why Security Orchestration, Automation and Response (SOAR) Is Fundamental to a Security Platform

4 min read - Placing SOAR at the heart of a security platform helps teams extend and maximize value across the ecosystem and to any security process while working in a centralized, coordinated manner.

May 6, 2020

New ‘Kaiji’ Linux Malware Targeting IoT Devices

2 min read - A new Linux malware strain known as "Kaiji" is targeting internet of things (IoT) devices via SSH brute-force attacks.